The present application claims priority from Israeli patent application number 122254, filed Nov. 20, 1997, which application is herein incorporated by reference.
The present invention relates to a system and method for automatically administering and managing a plurality of certificates or cryptographic keys, each associated with a set of attributes.
The use of cryptography for purposes of data security is increasingly prevalent and critical to communication and commerce over networks that include computer communications networks, satellite data links, and PBX and ISDN telephony links of various kinds. Generally speaking, cryptography is based on cryptographic keys, which may be referred to herein as "C_Keys". In the description that follows, the term "enveloping" may be used to denote encryption, while the phrase "opening an envelope" may refer to decryption using a cryptographic key. Whenever one or more keys are stored (or otherwise available), there is a need for deciding, in each instance, what key is to be made available for a particular purpose. Thus, it might be desirable to make distinct keys available to distinct users, or, alternatively, to a distinct class of users for a specified purpose. The decision regarding which key, if any, is to be made available in a particular case is currently performed in a non-automated way.
Cryptographic keys may include both symmetric and asymmetric keys. Symmetric keys must always be kept only within a restricted group of users, because if a message is encrypted with a symmetric key K1 then anyone knowing K1 can decrypt that message.
For the case of asymmetric keys, at least one pair of keys is associated with each owner. One key of each pair of keys is private (known and kept only by its owner). The other key is public (i.e., it is distributed freely to the public). A message encrypted with one of the keys of the pair can be decrypted only with the other key in the pair. In addition, a message may be cryptographically signed with one of the keys in the pair and the second key in the pair may then be used to verify the authenticity of the specific message.
As used in the present description and in any appended claims, the terms "owner" and "user" are not restricted to humans but may equally encompass machines or programs, or, for that matter, multiple tasks and devices. In the following, the names "Alice" and "Bob" are used as examples.
For purposes of providing a concrete example of the use of asymmetric cryptography, it will be assumed that Alice intends to send to Bob some secure message.
Bob must have a pair of keys and Alice must know Bob's public key;
Alice must have a pair of keys and Bob must know Alice's public key;
Alice will sign the message using Alice's private key and will envelope it using Bob's public key; and
Bob will open the envelope using Bob's private key and will check Alice's signature using Alice's public key.
In order to accomplish the transmission described, Alice and Bob must exchange their respective public keys in such a way that each of them knows at a satisfactory level of confidence that the key received really belongs to the real user. This is referred to as an "authentication problem," and is addressed by authentication centers. Such a center, usually referred to as a Certificate Authority (CA), delivers certificates by means of a Certificate Server (CS). A certificate confirms some linkage between data elements, which may include, without limitation, a name (or any other identifier) and a public key. Typical elements of a certificate are those depicted in the schematic representation of a prior art certificate shown in FIG. 1. It is assumed that the public key of some CA is well known. Hence if Alice asks for Bob's certificate and such a certificate has been released by a particular CA, referred to as CA_X, then Alice might check the validity of the certificate and its contents (including its being related to Bob and usually holding Bob's public key) by using the public key of CA_X (which is assumed to be known to Alice directly or by other well-known tracing means).
For purposes of the present description, and in any appended claim, the term "cryptographic key" will, as a matter of definition, be understood to refer, as well, to certificates that contain keys. Similarly, the term "certificate" will refer, as well, to keys contained within them. Finally, again as a matter of definition, the term "certificate authority" will be understood to include one or more certificate servers, whether or not pertaining to a single certificate authority.
Some user might have a number of certificates. The certificates of a user might reside on one or more certificate servers. Reasons for maintaining multiple certificates per user include, for example, separating C_Keys at home from those used at the work place, so that access by an employer, for example, does not compromise the security of the documents not related to the workplace. Another reason might be that distinct applications may use different protocols with different cryptographic schemes or different forms of data representation.
Referring again to the hypothetical example, in light of a plurality of potentially available certificates, if Alice is interested in fetching Bob's certificate from the CS, and the CS has a number of certificates for Bob, then the CS might randomly offer to Alice one of them, all of them or none, unless Alice supplies a more precise definition that points uniquely to some specific certificate.
More particularly, Bob might have a unique identifier, referred to as Bob_UID, as well as a multiplicity of certificates located at some CS. The arrangement of stored certificates is shown schematically in FIG. 2. When Alice asks for Bob_UID, the CS has no means to know which certificate to deliver to Alice since Bob_UID points to all certificates owned by Bob.
Similarly, if Alice maintains public key counterparts of a multiplicity of keys belonging to Bob (referred to as Bob_1, Bob_2 . . . Bob_N, each unique), then Alice has to decide each time which one of Bob's public keys to use in a particular situation. The storage of data including Bob's certificates in Alice's database is depicted schematically in FIG. 3, illustrating the ambiguity of a reference to Bob_UID. Furthermore, since Alice might wish to use a particular key of Bob's for a particular task and since there are a number of public keys in Alice's database, Alice is currently required to perform many individual non-automated steps.
Owing to the spreading prevalence of C_Key systems in the various contexts discussed above, and more particularly to the absence of well-defined relationships among technologies, protocols, certificates, etc., a method for automated C_Key management and administration is desirable.
In accordance with a preferred embodiment of the present invention, there is provided a method for automatically administering and managing a plurality of certificates and/or cryptographic keys. Each key is associated with a set of attributes so that the set of attributes is specific to a particular use to which the key is intended to be put. Each user can automatically conduct any legitimate operation or process related to any certificate/key and/or group of certificates/keys by virtue of the associated set of attributes.
In accordance with an alternate embodiment of the invention, enabling the user to conduct a specified operation related to a specified cryptographic key is based at least on an association of the user and the specified operation with at least one of the set of attributes associated with the specified key. In accordance with further alternate embodiments of the invention, the plurality of cryptographic keys may be elements of an attribute vector. A set of attributes may be associated with each certificate and certificates may be selected and used on the basis of the sets of attributes.
In accordance with another aspect of the present invention, a method is provided for centrally administering and managing a plurality of certificates having contents, each certificate granted by a corresponding certificating authority. The central administration and management method has the steps of associating a set of attributes with each certificate, discerning among the certificates on the basis of the sets of attributes, and providing access to specified contents of a certificate on the basis of parameters supplied by the user, the parameters including an intended purpose supplied by the user for using the specified contents of the certificate.
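As an added illustration in Python (not the applicant's code) of the Bob_UID ambiguity of FIGS. 2 and 3 and of the attribute-based selection and permission rule described above; the store contents, the attribute names and the mapping of operations to attributes are constructed assumptions:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Certificate:
    cert_id: str           # constructed name such as "Bob_1"
    owner_uid: str         # Bob_UID, shared by every certificate Bob owns
    issuer: str            # the CA that released it (CA_X in the text)
    attributes: frozenset  # attribute set specific to the key's intended use

# Constructed store: Bob holds three certificates under one Bob_UID (cf. FIG. 2).
STORE = [
    Certificate("Bob_1", "Bob_UID", "CA_X", frozenset({"work-email", "encrypt", "sign"})),
    Certificate("Bob_2", "Bob_UID", "CA_X", frozenset({"home-email", "encrypt"})),
    Certificate("Bob_3", "Bob_UID", "CA_Y", frozenset({"code-signing", "sign"})),
]

# Assumed association of operations with attributes (the text leaves this open).
OPERATION_ATTRIBUTES = {
    "envelope": {"work-email", "home-email"},    # encrypt a message to Bob
    "verify": {"work-email", "code-signing"},    # check Bob's signature
}

def by_uid(store, uid):
    """Prior-art lookup: Bob_UID alone points at all of Bob's certificates."""
    return [c for c in store if c.owner_uid == uid]

def select(store, uid, purpose):
    """Discern among the owner's certificates by the requester's stated purpose.
    Returns exactly one certificate, or None when the purpose still matches
    none or several, so the caller never silently receives an arbitrary key."""
    matches = [c for c in by_uid(store, uid) if purpose <= c.attributes]
    return matches[0] if len(matches) == 1 else None

def may_operate(cert, user_attributes, operation):
    """Permit `operation` on `cert` only if the user and the operation are
    both associated with at least one attribute in the certificate's set."""
    op_attrs = OPERATION_ATTRIBUTES.get(operation, set())
    return bool(cert.attributes & user_attributes & op_attrs)

def fetch_for(store, uid, purpose, user_attributes, operation):
    """Whole flow: resolve the ambiguity, then apply the attribute-based
    permission rule; returns the certificate id or None."""
    cert = select(store, uid, purpose)
    if cert is None or not may_operate(cert, user_attributes, operation):
        return None
    return cert.cert_id
```

With a purpose of {"encrypt"} alone, two of Bob's certificates still match, so `select` refuses to guess; adding "work-email" narrows the choice to Bob_1.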